From 8eed52632113090a6497764cb0dfb7d8b561185b Mon Sep 17 00:00:00 2001 From: davidvader Date: Thu, 30 May 2024 09:12:11 -0500 Subject: [PATCH] enhance: better audience validation --- api/build/id_token.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/api/build/id_token.go b/api/build/id_token.go index 2fbe00088..a2b7fdab7 100644 --- a/api/build/id_token.go +++ b/api/build/id_token.go @@ -104,20 +104,31 @@ func GetIDToken(c *gin.Context) { } // if audience is provided, include that in claims + audience := []string{} + if len(c.QueryArray("audience")) > 0 { - audience := []string{} for _, a := range c.QueryArray("audience") { if len(a) > 0 { audience = append(audience, util.Sanitize(a)) } } - idmto.Audience = audience } + if len(audience) == 0 { + retErr := fmt.Errorf("unable to generate ID token: %s", "no audience provided") + + util.HandleError(c, http.StatusBadRequest, retErr) + + return + } + + idmto.Audience = audience + // mint token idt, err := tm.MintIDToken(ctx, idmto, database.FromContext(c)) if err != nil { - retErr := fmt.Errorf("unable to generate build token: %w", err) + retErr := fmt.Errorf("unable to generate ID token: %w", err) + util.HandleError(c, http.StatusInternalServerError, retErr) return
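Review bot: The new `len(audience) == 0` guard only counts entries, and the loop above it still tests `len(a) > 0` on the raw query value before calling `util.Sanitize(a)`, so whatever Sanitize returns is appended unchecked. `util.Sanitize` is not visible in this hunk; if it can reduce a non-empty input to an empty string, a request could still reach `MintIDToken` with an empty `aud` entry, which is what this change is trying to rule out. Testing the sanitized value closes that gap: `if s := util.Sanitize(a); len(s) > 0 { audience = append(audience, s) }`. The outer `if len(c.QueryArray("audience")) > 0` is now redundant, since ranging over an empty slice is a no-op, and the comment `// if audience is provided, include that in claims` should say the audience is required. GetIDToken starts and ends outside the hunk.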